The CyberWire Daily Briefing 12.18.15
At week's end many discuss the shifting and often difficult to discern relationships among various threat actors. Vanity Fair's profile of the late Junaid Hussain, the ISIS/Daesh Internet operator who got his start in the allegedly Anonymous-connected TeamP0is0n, offers a tutorial on line-crossing in cyberspace.
In Russia and the Near Abroad, CyberBerkut is back in the news, as is APT28, and here again one sees the difficulty of distinguishing cut-outs, fronts, and sock puppets from hacktivist or criminal groups. CyberBerkut, although it clearly acts in the interests of Russian policy, seems to observers to be composed of Ukrainian hackers. And APT28 may or may not be state actors or just Russian criminals — or perhaps both. FireEye's director of threat intelligence talks to SC Magazine about the complexities behind the simple statement "[Country X] did it."
How to respond in cyberspace to ISIS remains a vexed question. The Saudi-led anti-terror coalition erected this week with much éclat seems to be crumbling with equal éclat, as some members say membership therein was news to them. And as investigations in Paris and San Bernardino reveal more about terrorist Internet inspiration and use, some law professors wonder why police couldn't treat visits to Daesh websites the way they treat visits to child-exploitation sites.
Juniper Networks discloses and swiftly patches a flaw in NetScreen firewalls. Cisco does the same with a root-access bug in an Application Policy Infrastructure Controller.
CryptoLocker and TeslaCrypt circulate through new vectors. CryptoLocker, says Heimdal, is troubling Scandinavian users of PostNord.
Notes.
Today's issue includes events affecting Afghanistan, Australia, Bahrain, Bangladesh, Benin, Brazil, Chad, China, Comoros, Cote d'Ivoire, Denmark, Djibouti, Egypt, Estonia, European Union, Gabon, Germany, Guinea, Iraq, Jordan, Kuwait, Latvia, Lebanon, Libya, Maldives, Mali, Malaysia, Morocco, Mauritania, Niger, Nigeria, Norway, Qatar, Palestine, Pakistan, Poland, Russia, Senegal, Sierra Leone, Slovakia, Somalia, Sudan, Sweden, Syria, Togo, Tunisia, Turkey, Ukraine, United Arab Emirates, United Kingdom, United Nations, United States, and and Yemen.
Cyber Attacks, Threats, and Vulnerabilities
The Curious Case of the Jihadist Who Started Out as a Hacktivist (Vanity Fair) Since the Paris attacks last month, many denizens of the hacker collective Anonymous have set out to take on their most fearsome target yet: ISIS — or its digital wing anyway. As they wage a new kind of war in this social-media era, they're up against an enemy that's learned at least some of its tricks from a man who was once one of their own. What the brief life and violent death of Junaid Hussain can teach us about the way we fight now
Islamic State Seeks Recruits in China (Voice of America) The Islamic State terror group is recruiting Chinese Muslims to enlist in its extremist cause and join IS fighters "on the battlefield"
Afghanistan Wants To Take 'Islamic State Radio' Off The Air (Radio Free Europe / Radio Liberty) Afghan authorities say they are trying to track down a radio station — allegedly established by the Islamic State (IS) extremist group — that is spreading antigovernment propaganda in eastern Nangarhar Province
APT28 targeted 'top European political figures' (ITProPortal) Bitdefender has jumped on the bandwagon of cyber-security companies saying Russians are behind the APT28 hacker group, also known as Sofacy
Meet CyberBerkut, The Pro-Russian Hackers Waging Anonymous-Style Cyberwarfare Against Ukraine (International Business Times) Ukraine is under cyberattack. A small, roving group of hackers called CyberBerkut is trying to humiliate the pro-Western government in Kiev by leaking details on everything from government officials' personal lives to international arms deals. But, even scarier, CyberBerkut is using methods that pale in comparison to the much larger, more sophisticated digital cannon that can be traced straight back to the Kremlin
Did 'China' do it? SC speaks to Laura Galante, FireEye's director of threat intelligence (SC Magazine) SC sat down with FireEye's director of threat intelligence to talk about the recent cyber-talks between China and the US and what exactly we mean when say 'China did it'
"Unauthorized code" in Juniper firewalls decrypts encrypted VPN traffic (Ars Technica) Backdoor in NetScreen firewalls gives attackers admin access, VPN decrypt ability
Important Announcement about ScreenOS® (Juniper Security Response) Juniper is committed to maintaining the integrity and security of our products and wanted to make customers aware of critical patched releases we are issuing today to address vulnerabilities in devices running ScreenOS® software
Root privilege flaw in Cisco controller (SC Magazine) An access control vulnerability — that allows root access via a local system — was reported in a Cisco Application Policy Infrastructure Controller, according to Security Tracker
SlemBunk Android Banking Trojan Targets 31 Banks Across the World (Softpedia) Trojan works by injecting fake logins into legitimate apps
TeslaCrypt ransomware sent using malicious spam (Internet Storm Center) Since late November 2015, malicious spam (malspam) distributing TelsaCrypt ransomware has surged in a recent attack offensive
Ghostware and Two-Faced Malware Coming in 2016 (HackRead) Malware is increasingly sophisticated. In 2016, look for two developing malware families
Optus confirms data breach on Freelancer.com (ZDNet) A number of Optus customers had their personal information revealed in a spreadsheet posted by debt collector firm ARC on Freelancer[dot]com
BitTorrent in Corporate Networks a Sign of Breaches: BitSight (eWeek) While Bittorrent is not a direct cause of malware, networks that use the peer-to-peer service are much more likely to have botnets and other compromised systems
Security Alert: This Cryptolocker Package is Not the One You Were Waiting for (Heimdal Security) The devil is in the details, as they say. Over the past 3 days, the Heimdal Security team has analyzed a new wave of spam emails that use PostNord as bait. This restarts the wave of attacks that we spotted in September, October and November, which employed similar tactics
Nemucod malware spreads ransomware Teslacrypt around the world (We Live Security) From time to time, some malware propagation campaigns reach high propagation levels in one or several countries during a few days. In those cases, the users are specially vulnerable if they don't protect their systems properly
Scammers peddle adult dating, webcam spam through legitimate email notifications (Symantec Security Response) Built-in email notifications from Dropbox and Google+ are being used to evade spam filters
Xbox Live pummeled by DDoS attack; hacker group claims responsibility (Ars Technica) Phantom Squad had threatened to mimic Lizard Squad, take down gaming services
Banks: Card Breach at Landry's Restaurants (KrebsOnSecurity) Fraud analysts in the banking industry tell KrebsOnSecurity that the latest hospitality firm to suffer a credit card breach is likely Landry's Inc., a company that manages a nationwide stable of well-known restaurants — including Bubba Gump, Claim Jumper, McCormick & Schmick's, and Morton's
Blockchain transactions create risks for financial services (Help Net Security) Trust is the most valuable commodity in the digital age. Failure to trust the systems or organizations in which we place our digital assets leads us to look at alternate providers, or to withdraw entirely from a suspect service
Facebook Threatens Researcher Over Instagram Hack (SecurityWeek) A researcher claims he was threatened by Facebook after he responsibly disclosed a series of vulnerabilities and configuration weaknesses that allowed him to gain access to sensitive information stored on Instagram servers, including source code and the details of users and employees
Facebook, Researcher Spar Over Instagram Vulnerabilities (Threatpost) A security researcher is in a bit of a scrum with Facebook over vulnerability disclosures that not only tested the boundaries of the social network's bug bounty program, but he said, also prompted hints of legal and criminal action
FireEye Patches Flaw Found by Google (BankInfoSecurity) Has Firm Been Reaching Out to Security Research Community?
Security Patches, Mitigations, and Software Updates
2015-12 Out of Cycle Security Bulletin: ScreenOS: Crafted SSH negotiation may trigger system crash (?CVE-2015-7754) (Juniper Networks) This issue can affect any product or platform running ScreenOS 6.3.0r20
Google Search Rankings Prefer HTTPS by Default (Threatpost) Nothing in Google's arsenal carries more weight than its search engine rankings. Pair that weapon with a desire to inspire encrypted connections on the web, and you have a pretty powerful combination
Microsoft extends SmartScreen browsing protection to foil malvertising and exploit kits (IDG via InfoWorld) The technology can now block websites or malicious ads that try to exploit vulnerabilities in popular software
Microsoft Trusted Root Certificate program getting a lot less trusting (Regster) Redmond goes 'yoink!' on twenty CAs
Verizon Samsung Galaxy S6 Edge+ And Note 5 Getting December Firmware Update (Tech Times) Verizon has begun pushing out the much needed December security update for Samsung's Galaxy Note 5 and Galaxy S6 edge+
Cyber Trends
Cyberattack prediction: Hackers will target a US election next year (PCWorld) Hackers are entering the political realm, security expert Bruce Schneier says
What we have learned from 2015's biggest cyber hacks (Telegraph) Defense is not enough — we need a diagnostic system too
Schools, iPhones and the IoT: WatchGuard Predicts New Hunting Grounds for Hackers in 2016 (WatchGuard) From spear phishing to IoT and malvertising, security threats to plan for in the coming year
ISACA identified 5 key cybersecurity trends to watch out for next year (FierceITSecurity) Cyberattacks have been on the rise. This has been a bad year for data breaches, ransomware and other types of attacks. But what does 2016 hold?
Stolen medical records not limited to health care organizations (Business Insurance) The issue of stolen medical records extends beyond the health care industry, affecting 18 out of 20 industries examined by Verizon Communications Inc. in a study issued Thursday
Six things we learned from Verizon's report on health data breaches (MedCityNews) Verizon Communications on Thursday released a much-hyped report on health data breaches. We would have covered it earlier in the day, but some news organizations blew the embargo and published stories Wednesday
Marketplace
Australian corporate counsel under cyber attack but no plans to increase security spend (ComputerWeekly) Australia's corporate counsel are suffering a high rate of data breaches compared to many regions, but do not plan to spend more on preventative security
SMBs in US, UK, Australia Lack Resources; Consider Outsourcing IT Security (Hot for Security) Some 81% of decision makers in small and medium-sized businesses from the US, the UK, and Australia surveyed by Wakefield Research consider that outsourcing cybersecurity would enhance their ability to focus on core business processes, while only 37% say they are completely ready to manage IT security and protect against threats
Russia's cyber-attack losses may reach US$1 bn (SC Magazine) Russian businesses are forecast to lose almost US$ 1 bn (70 billion rubles £662 million) from cyber-attacks this year and this figure is expected to continue to grow in the near future, Lev Khasis, first deputy chairman of Sberbank, Russia's largest state-owned bank, and a former vice-president of Wal-Mart
Security Talent Gap Threatens Adoption Of Analytics Tools (Dark Reading) Finding qualified personnel with the right skillsets to configure and operate analytics platforms is a big challenge today, but workforce development, training, and more intuitive technology could help
Cybersecurity professionals: Five ways to increase the talent pool (TechTarget) The lack of cybersecurity skills in the industry is glaring, but there are ways for educators, vendors and enterprises to fix the problem. Sean Martin explains how
Exciting work and high pay: kids must be sold on benefits of cyber security careers (V3) Selling cyber security as a lucrative, exciting profession and staying away from tired 'hacker' stereotypes is key to solving the cyber skills gap according to Ian Glover, president of accreditation and security testing firm CREST
Army moves fast to get prototype kits for Cyber Protection Teams (Defense Systems) Using an innovative acquisition approach, the Army has awarded two contracts for next-generation prototype kits to support its Cyber Protection Teams
Dell's Cybersecurity Unit SecureWorks Files to Go Public (Fortune) Dell CEO Michael Dell and Silver Lake managing partner Egon Durban would serve on the company's board of directors
Eastwind cloud-based breach detection startup emerges from stealth mode (FierceITSecurity) Eastwind Breach Detection, a startup offering a hybrid network breach detection platform from enterprises and government agencies, came out of stealth mode on Wednesday
ESET Grows Faster than its Top 5 Peers and the Global Security Software Market as a Whole (PRWire) ESET continues to gain market share in both the consumer and corporate segments of the Endpoint Security Software market
Chinese firms in cyber security deals (Shanghai Daily) Chinese IT companies are taking action to defend the country against the risk of cyber attacks seen as an increasing threat to national security
NowForce Raises $4.5m in Series B Funding (Baystreet) NowForce, a developer of comprehensive mobile emergency response solutions, announced today that it has raised $4.5 million in a Series B round of funding led by Verint Systems Inc. (NASDAQ:VRNT), along with the participation of current investors Winnovation, Indigo Strategic Holding LP and Monet Venture Group Limited
Cyberthreat analysis and intelligence: Innovators 2015 (SC Magazine) Securonix is heavy on the threat analysis piece
Cylance Named a Dell Founders 50 Innovative Technology Startup (MarketWired via EIN News) Cylance, the company that is revolutionizing cybersecurity through the use of artificial intelligence to proactively prevent, rather than just reactively detect, advanced persistent threats and malware, announced today that it has been named a Dell Founders 50 Innovative Technology Startup company, one of a small number of global startups that Dell feels are poised to become household names in the near future by disrupting their respective industries
Yoram Golandsky, CEO of CybeRisk™, Named a Trailblazer in CyberSecurity by the National Law Journal (CNN Money) Finjan Holdings, Inc. (NASDAQ: FNJN), a cybersecurity company, today announced that Yoram Golansky, Chief Executive Officer of CybeRisk Security Solutions, LTD., has been named to the National Law Journal's inaugural list of Trailblazers in Cybersecurity and Data Protection
Boston Global Forum Honors Bruce Schneier as Business Leader in Cybersecurity (BusinessWire) Resilient Systems CTO awarded on Global Cybersecurity Day
Kaspersky security shakes up U.S. leadership amid geopolitical concerns (Reuters) Top Russian cybersecurity company Kaspersky Lab has recently lost the leader of its North American operations and the head of a Washington-area office as it struggles to win U.S. government contracts amid rising geopolitical mistrust
Cloudlock Announces Key New Executive Hire and Internal Promotions (MarketWired via EIN News) Security industry veteran and former Senior VP of Product Management at Trustwave John Amaral to head up CloudLock's product delivery organization
SecureRF Announces Mike McGregor as COO to Secure the Internet of Things (SecureRF) New Chief Operating Officer extends identification, authentication, and data protection solutions to Silicon Valley
Products, Services, and Solutions
PerfTech and Interface Masters Partner to Provide a Non-Intrusive In-Browser Messaging Solution (Interface Masters) PerfTech, a leader in in-browser messaging, and Interface Masters, a leader in Network Visibility and Uptime Solutions, have partnered to offer a turn-key network communication solution that provides both non-blocking visibility into all network traffic and proactive subscriber messaging services
Tripwire releases new whitelist app targeted at regulated industries (FierceITSecurity) Security firm Tripwire released on Wednesday its Whitelist Profile app that enables enterprises in regulated industries to create automated, customizable reports on required/permitted system settings for more than 600 policy and platform compliance requirements
Pwnie Express Receives Prestigious SC Magazine Security Innovator for "One of the Best Crystal Balls in the Business" (MarketWired via EIN News) Pwn Pulse™ recognized for its industry defining ability to detect, fingerprint, and analyze rogue, misconfigured, and unauthorized wireless and wired devices threatening all workplaces
Applying Behavioral Analysis to Security (Virtualization Review) A discussion with Fortscale about version 2.0
Bitdefender, Norton Top Mac OS X Antivirus Test Ratings (Toms Guide) Whether you agree or disagree with its rankings, few companies test security products as assiduously (and as regularly) as AV-TEST
AV-TEST: Volle Punktzahl für G DATA INTERNET SECURITY FÜR ANDROID (Pressebox) Mobile Sicherheitslösung schützt Android-Nutzer umfassend vor Schadprogrammen und ist kinderleicht zu bedienen
Technologies, Techniques, and Standards
Eight reasons why trust is broken online (Computing) The recent row between Symantec and Google over rogue SSL certificates is just one of many incidents that have called into question the role of commercial certificate authorities as a single point of trust on the internet
Cyber Threat Intelligence and the Market of One (SecurityWeek) The shift away from one-size-fits-all to viewing every individual customer as a "market of one" was pioneered by companies like Levi's, Dell and Amazon
Advent tip #18: Avoid typosquatting — type carefully at Christmas! (Naked Security) A few years ago, in the leadup to the holiday season, we programmed a computer to use the web carelessly
Design and Innovation
Tech and Banking Giants Ditch Bitcoin for Their Own Blockchain (Wired) Several major companies from across both the technology and financial industries — including IBM, Intel, and Cisco as well as the London Stock Exchange Group and big-name banks JP Morgan, Wells Fargo, and State Street — have joined forces to create an alternative to the blockchain, the global online ledger that underpins the bitcoin digital currency
How network segmentation provides a path to IoT security (Network World) Examining the different approaches to cybersecurity in the age of the Internet of Things
BlackBerry CEO rips into Apple's pro-privacy stance, ignores its own hypocrisy (ZDNet) Analysis: Apple and Google have put device access into their user's hands, locking out the government in the process. BlackBerry said that has put us in a "dark place"
Legislation, Policy, and Regulation
Saudi Arabia's new anti-terrorism coalition stirs questions and controversy (Los Angeles Times) In a region chock full of anti-terrorism coalitions, the newest alliance has managed to raise the ire of countries left out — as well as eyebrows among some named as part of the club
Islamic State: UN resolution aims to curb funding (BBC) Finance ministers from the 15 nations on the UN Security Council have adopted a resolution aimed at starving the so-called Islamic State of funds
Global Internet governance document takes a light approach to cybersecurity (FierceGovernmentIT) The United Nations General Assembly adopted a final review of the implementation and outcomes from the United Nations' World Summit on the Information Society, or WSIS, which was held in Tunis in 2005 — providing an opportunity for world leaders to reaffirm prior goals and commit to new ones related to global Internet governance
New EU rules on data protection put the citizen back in the driving seat (Help Net Security) New EU data protection legislation, informally agreed on Tuesday and backed by Civil Liberties MEPs on Thursday morning, will create a uniform set of rules across the EU fit for the digital era
China Calls for Internet Front to Fight Hacking, Cyber 'Arms Race' (Gadgets 360°) China's President Xi Jinping laid out his vision for the Internet on Wednesday, calling for a new status quo where Internet sovereignty rests in the hands of nations controlling the flow of information
White House sends cyber deterrence policy to Congress (FCW) The Obama administration has outlined its cyber deterrence policy for lawmakers after long-standing criticism from Capitol Hill that the administration lacked a strategy
Cybersecurity Bill Included in Omnibus Appropriations Package (National Review) Major cybersecurity legislation was included in an omnibus appropriations and tax reform package, essentially ensuring the President will sign the measure into law
Cybersecurity Information Sharing In the "Ominous" Budget Bill: A Setback for Privacy (Center for Democracy and Technology) Incorporated into the 2,009-page omnibus spending bill released late Tuesday night is the Cybersecurity Act of 2015, a cyber information sharing bill based primarily on the Senate's Cybersecurity Information Sharing Act (CISA-S.754)
A familiar, troubling path on cybersecurity (Charlotte Observer) Two years ago this week, a federal judge spoke for many Americans when he issued a scathing ruling on the National Security Agency's collection of virtually all the country's phone records
House approves port cybersecurity bill (The Hill) The House this week unanimously approved a bill to boost cybersecurity at U.S. ports
Business cyber security disclosure bill introduced in U.S. Senate (Reuters via Business Insurance) Companies would have to disclose publicly whether they have anyone on their board who is a "cyber security expert" under legislation introduced in the U.S. Senate on Thursday
Tech firms push back on 'reactionary' politics following terror attacks (Christian Science Monitor Passcode) As lawmakers and presidential candidates advocate for mandates on tech companies to fight terrorism, Internet companies warn against policies they say could jeopardize their users' civil liberties and stifle innovation
Surveillance After the USA Freedom Act: How Much Has Changed? (Huffington Post) It has been two and a half years since Edward Snowden's disclosures revealed the massive scope of our government's bulk surveillance of global telecommunications
Beyond Government Spying, Corporate Surveillance Is A Fact Of Modern Life (Mint Press News) "Sure, massive amounts of data are no longer being collected — by the NSA," one journalist wrote after the Freedom Act became law. "That's because now, telecommunications corporations have simply taken over where the government left off"
Cybersecurity detection centers, extensive training recommended by NG911 working group (Urgent Communications) Establishing cybersecurity intrusion, detection and prevention systems — tentatively called Emergency Communications Cybersecurity Centers (EC3's) — across the country and better educating teams at public-safety answering points (PSAPs) are key pieces of the best approach to combat current and future cyber attacks on 911 data networks, a member of FCC's Task Force on Optimal PSAP Architecture (TFOPA) said last week
National Guard to Deploy Cyber Surveillance Reconnaissance Squadron in California (Techwire) The National Guard Bureau will deploy 13 new cyber protection teams composed of about 500 soldiers across the nation to help protect the network infrastructure, the military arm announced Dec. 9
Litigation, Investigation, and Law Enforcement
To break terrorist encryption, pay off Apple and Google, expert urges (Computerworld via CSO) Another suggests using other tech tools already available
Should visitors to ISIS sites face punishments like fines or jail time? (Naked Security) In the US, it was called Operation Avalanche. In the UK, its name was Operation Ore
Neighbor of San Bernardino Attackers Faces Terrorism Charges (New York Times) Enrique Marquez, who supplied the assault rifles used to kill 14 people in a massacre in San Bernardino, Calif., this month, was arrested Thursday and charged with crimes including conspiring to support terrorists. Court papers show that he and one of the attackers had steeped themselves for years in radical and violent Islamist propaganda, including the teachings of the extremist cleric Anwar al-Awlaki and bomb-making techniques from an Al Qaeda magazine
First on CNN: Paris attackers likely used encrypted apps, officials say (CNN) Investigators of the Paris attacks have found evidence they believe shows some of the terrorists used encrypted apps to hide plotting for the attacks, officials briefed on the investigation tell CNN
WhatsApp blocked in Brazil after it refuses to hand over user data (Naked Security) On Thursday, a Brazilian judge overturned a 48-hour block of WhatsApp that a lower court had imposed when the company refused to hand over user data demanded by prosecutors in an investigation
Brazil's brief WhatsApp fiasco bodes ill (Blouin Beat) Messaging services — particularly ones based in the U.S. — have long been a thorn in the side of countries like China, which are wrestling with censorship demands and monitoring users. Brazil is not known for similar internet censorship problems, and yet this week it was mired in legal and political messes related to the mobile messaging service WhatsApp. Reuters reports that on Thursday a Brazilian judge ordered the lifting of a 48-hour suspension of the app in Brazil, following outcries from the app's approximate 100-million user-wide base
Carter Apologizes as Hill Calls for Investigation Into Emails (Defense News) Secretary of Defense Ash Carter on Thursday took personal responsibility for an improper use of personal email for Defense Department business as influential members of Congress called for an investigation into the matter
LifeLock to pay $100 million to settle FTC contempt charges (Reuters via Business Insurance) LifeLock Inc., which sells identity theft monitoring and fraud detection services, has agreed to pay $100 million to settle charges that it failed to properly protect its customers' data, the Federal Trade Commission said on Thursday
6 Men Admit to Running a Global $100M Software Piracy Ring (Wired) If you bought an inexplicably cheap copy of Photoshop or Microsoft Office in the last few years, even from a site as reputable as Overstock.com or Amazon, you may have been an unwitting customer in a $100 million global piracy ring — one that's now ended with guilty pleas from half a dozen men across nearly as many states
A Sobering View of International Cybercrime (IT Business Edge) A few months ago, I had the opportunity to sit in on a talk given by Christian Karam, a digital crime officer, cyber innovation and outreach, with Interpol, at G DATA's 30th anniversary celebration
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
SANS Institute: Information Security Training (Las Vegas, Nevada, USA, Sep 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel
cybergamut Tech Tuesday: The Threat Landscape and the Path Forward: Fundamentals of a Risk-Aware Organization (Elkridge, Maryland, USA, Jan 5, 2016) John McLaughlin of IBM Security provides a quantitative analysis of the attacks seen by IBM and the thousands of IBM customers in the preceding year. Specific attention will be paid to the protocols engaged, attack patterns, and trends seen in these attacks. In addition, these attacks are characterized by targets, time, and degree of success. Following the quantitative reporting, the remainder of the presentation focuses on an actionable plan for securing the enterprise. Simply describing the problem is no longer sufficient. This plan consists of a multi-step roadmap, a product independent approach to securing the enterprise against the previously described attack vectors
CES CyberSecurity Forum (Las Vegas, Nevada, USA, Jan 6, 2016) Premiering at CES 2016 — the global stage for next generation technologies — The CyberSecurity Forum will bring together security experts and technology visionaries with executives and policymakers to tackle current and looming cyber security challenges. Registration is limited to ensure a highly interactive experience and opportunities for networking
FloCon 2016 (Daytona Beach, Florida, USA, Jan 11 - 14, 2016) The FloCon network security conference provides a forum for large-scale network flow analytics. Showcasing next-generation analytic techniques, FloCon is geared toward operational analysts, tool developers, researchers, and others interested in applying the latest analytics against large volumes of traffic
Cyber Security Breakdown: Chicago (Chicago, Illinois, USA, Jan 12, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach during the chaos of the event, you'll understand how to build in advance, the best practices to respond effectively. Attend the Cyber Security Breakdown event that is focused on the unique issues and threats facing legal professionals
FTC PrivacyCon (Washington, DC, USA, Jan 14, 2016) The Federal Trade Commission will in January hold a wide-ranging conference on security and privacy issues lead by all manner of whitehat security researchers and academics, industry representatives, consumer advocates
National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, Jul 16, 2015) Topics to be discussed at the meeting; Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program. There is no cost to attend this meeting
POPL 2016 (St. Petersburg, Florida, USA, Jan 20 - 22, 2016) The annual Symposium on Principles of Programming Languages is a forum for the discussion of all aspects of programming languages and programming systems. Both theoretical and experimental papers are welcome, on topics ranging from formal frameworks to experience reports
Automotive Cyber Security Summit — Shanghai (Shanghai, China, Jan 21 - 22, 2016) The conference, which brings together automakers, suppliers, various connected-services providers and security specialists, will focus on government regulations, emerging automotive cyber security standards and new products and solutions designed to deal with the growing threats
SANS Institute: Information Security Training (Las Vegas, Nevada, USA, Sep 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel
CyberTech 2016 (Tel Aviv, Israel, Jan 26 - 27, 2016) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provided attendees with a unique and special opportunity to get acquainted with the latest innovations and solutions featured by the international cyber community. The conference's main focuses are on networking, strengthening alliances and forming new connections. Cybertech also provided an incredible platform for Business to Business interaction
Fort Meade IT & Cyber Day (Fort Meade, Maryland, USA, Jan 27, 2016) The Ft. Meade IT and Cyber Day is a one-day event held at the Officers' Club (Club Meade) on base. The event is held on-site, where industry vendors will have the opportunity to display their products and services to IT, Communications, Cyber and Intelligence personnel